Your message dated Wed, 11 Oct 2023 19:49:06 +0000
with message-id <e1qqfcc-000lbv...@fasolo.debian.org>
and subject line Bug#771636: fixed in rsyslog 8.2310.0-1
has caused the Debian Bug report #771636,
regarding rsyslog: Please add ProtectSystem=yes to systemd service file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
771636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771636
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rsyslog
Version: 8.4.2-1
Severity: wishlist
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
Hello,
If you add the option ProtectSystem=yes to the service file, then the
daemon will not have the ability to write to /usr.
There is no reason why it needs to write there, so enabling this
option should not cause any problems.
This option is one of the systemd security features for systemd
service files that was detailed in a talk[0] given by Lennart which
details various security features you can enable in your package's
service files.
micah
[0]
http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rsyslog depends on:
ii init-system-helpers 1.22
ii initscripts 2.88dsf-58
ii libc6 2.19-13
ii libestr0 0.1.9-1.1
ii libjson-c2 0.11-4
ii liblogging-stdlog0 1.0.4-1
ii liblognorm1 1.0.1-3
ii libuuid1 2.25.2-3
ii lsb-base 4.1+Debian13+nmu1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages rsyslog recommends:
ii logrotate 3.8.7-1+b1
Versions of packages rsyslog suggests:
pn rsyslog-doc <none>
pn rsyslog-gnutls <none>
pn rsyslog-gssapi <none>
pn rsyslog-mongodb <none>
pn rsyslog-mysql | rsyslog-pgsql <none>
pn rsyslog-relp <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: rsyslog
Source-Version: 8.2310.0-1
Done: Michael Biebl <bi...@debian.org>
We believe that the bug you reported is fixed in the latest version of
rsyslog, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 771...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated rsyslog package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 Oct 2023 21:07:34 +0200
Source: rsyslog
Architecture: source
Version: 8.2310.0-1
Distribution: unstable
Urgency: medium
Maintainer: Michael Biebl <bi...@debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Closes: 688889 771636
Changes:
rsyslog (8.2310.0-1) unstable; urgency=medium
.
* New upstream version 8.2310.0
* Enable various systemd sandboxing and security hardening features in
rsyslog.service (Closes: #688889, #771636)
Checksums-Sha1:
4ffd538bd89f06f1eacf550e02c7cdf6c1eb4762 3313 rsyslog_8.2310.0-1.dsc
702012a5ed36fe2a07bed78f80de1915787aac75 3349174 rsyslog_8.2310.0.orig.tar.gz
d9f9350784af1bc303b77a9a98d6225306b48679 30400 rsyslog_8.2310.0-1.debian.tar.xz
07a8df83d458c29a42ae01e1508c020c3259c6bc 8270
rsyslog_8.2310.0-1_source.buildinfo
Checksums-Sha256:
848cb880686d739743e9a4df306dd9a6d435a0b3f85c20985b2ed080bb54f444 3313
rsyslog_8.2310.0-1.dsc
20d9ce792bf0a7ed0703dbf0941490f8be655f48b55b4bebdc0827bbb0ddbf11 3349174
rsyslog_8.2310.0.orig.tar.gz
4091a901d8bf05d25baa83a025d860a26b9f1ef3a7b38c114683e6d9dde5763a 30400
rsyslog_8.2310.0-1.debian.tar.xz
12e34d7677fc33a6c87e49c10fae7bbad053592f04793a87f901b16e4177e574 8270
rsyslog_8.2310.0-1_source.buildinfo
Files:
6d1d53fcb0e9bb5f810578a9ca5dedae 3313 admin optional rsyslog_8.2310.0-1.dsc
e492884a5f64d2a069684fcb21171114 3349174 admin optional
rsyslog_8.2310.0.orig.tar.gz
31d87a959509b9441c05d301d2146897 30400 admin optional
rsyslog_8.2310.0-1.debian.tar.xz
15f1a32aa2e78375f18528ccca67f417 8270 admin optional
rsyslog_8.2310.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmUm9x0ACgkQauHfDWCP
ItyAzQ//UcMOtoT8mCmLMb58gddSHBKnPr/p3j2EXCJ94Mo+4wS+TvJ+CuAJHYb/
cxmgxXL5Y1Aeam1wqVMOugFNVDLfgkzwgkCfiJu4nHx7Ji5vmLmFtP1eTdvHK3vm
wC7R5p33+3fAa6okJViuoBvdEUQ7OxTm/5KlTc9OBXLZRD9YUYzp/FIb84ujD606
QphrihJCq+6SRycDhbtIgFael+6nJUE+E44RulqmGJPiguoXZ6t+uDKUkMms7ChZ
/AFVX/0VA1cAHZsGqyKQ2qen4Qcud80VH97Xk8byluJxSp8g/sYwXhGbMTXf1Qd9
Ywu0bDo8g7if2npWYezNAbteO6d9ecIFtyz/sZd06etM4cEo/XsvEM4mygTtI/i1
7usl5/AqJx4Dz9aAmbzIO5ZxUT9moBfgZAZ99JGPvSWNpbm1M5m/B0wVaD14uJJo
gEwBjVdFJlUB4lJ2vdWf2WN+aGcsBXB67JpxDq9YL8UTLVz7Xwwnj/SBjzWWO+V8
tSPURWloG0By2DqvC4Te0dM84coJLCi1w7ubDui8mtqjIGAFaYZUVS/2eWorZWj5
emsc5oUipvl6Sw9v7gEGD6Y2zoLpQD3H3obyzXmxZfocBfPskhxz2B5yR1G03XdW
8FYllznfxUsHi30A0/ibsW/VlqGEvAS5MCuOzQ5KwUkSmnd18/w=
=m0/I
-----END PGP SIGNATURE-----
--- End Message ---
